Security & Privacy settings for Mac (macOS) Devices

For secure device management, it becomes important to control the Application installation sources, enable the Firewall and control the privacy settings.

Scalefusion allows IT Admins to configure the Security & privacy settings for the managed macOS devices. Follow the steps below to configure these settings in Mac (macOS) Device Profiles,

1. Navigate to Device Management > Device Profiles section.
2. Launch the Device Profile Wizard by clicking on CREATE NEW PROFILE or select a Mac Device Profile and Edit it from the action panel.
3. Click on the Security & Privacy section to start configuring the security & privacy settings.
4. The Generalsection offers the following settings,

   Setting	Description
   Configure Gatekeeper Settings Mac App Store Mac App Store and Identified Developers	If the Gatekeeper setting is NOT enabled, then users can download any dmg or package file and install it, even if it is not signed by a valid developer certificate. If the Mac App Store is selected, then users will be allowed to install applications only from the Apple App Store. If Mac App Store and Identified Developers, then users can install third-party dmg and package files as well that are signed by a valid developer certificate.
   Do not allow the user to override the Gatekeeper setting	If enabled, this setting prevents the user from temporarily overriding the Gatekeeper settings by right-clicking on the downloaded file and installing/opening it.
   Allow user to change Password	Control if the users are allowed to change the password from System Preferences.
   Require Password ___ after sleep or screen saver begins	Choose a duration after the screensaver starts or the device goes to sleep when the user is asked to enter a Password.
   Allow user to set a lock message	Control if the users are allowed to change the lock screen message from System Preferences.
   Allow users to unlock the Mac using an Apple Watch	Control if the user is allowed to unlock the Mac using a paired Apple Watch.
   Restrict Profile Removal	Choose if the users can remove the installed Configuration Profiles.

5. The Firewall section offers the following settings,
   1. Enable Firewall: Enable this setting to control & secure the connections between the applications and network ports on the managed Mac devices. Note: Firewall cannot be turned Off remotely, It can only be enabled.
   2. Enable Stealth Mode: Enabling Stealth Mode blocks the Mac from responding to incoming probe requests. The incoming requests for authorized apps are still acknowledged by the Mac, while unexpected requests such as ICMP (ping) are disregarded.
   3. Enable Incoming Connections: Enable this setting to block all incoming network connections except those required for basic internet services, such as DHCP, IPSec etc.

      Note: Use this option with caution, as it may cause issues with the regular usage of the managed Mac device.

6. The Privacysection offers the following setting,
   1. Send diagnostic & usage data to Apple, and share crash data with app developers: Enable this setting if you want the diagnostic data to be shared with Apple and crash data with application developers.
7. Click SAVE to save the changes to the profile.